Biometric authentication is the latest, shiniest toy for large tech companies, especially among manufacturers of smartphones. Technology like fingerprint sensors, iris scans, facial image recognition and voice recognition used to be the stuff of sci-fi movies. But now, thanks to companies like Apple, biometric recognition systems (especially finger scanning), are directing modern smartphones into miracles of ease and suitability. A finger touch can easily unlock a phone without the requirement of a password. A simple fingerprint touch can help you in paying bills, buying groceries, and transfer hundreds worth of money. However, while may be super convenient, it can leave a massive gap in personal security.
In April 2017, a report was published by New York University and Michigan State University regarding fingerprint hacking. The fingerprint sensors present on your phones and tablets are previously imperfect with weak security protection. They do not guarantee privacy. The researchers emphasize that the sensors are tiny. They can only grab a small portion of the fingerprint. Therefore, it increases the possibility of matching with another fingerprint which is even slightly similar to yours.
The report revealed that smartphones could easily be fooled by false fingerprints, which are composed digitally of several features noticed in individual prints. By computer replications, the researchers were able to form a set of artificial Master Prints. These master prints can match the real prints, which are similar to those used by the phones as much as 65 percent of the day.
Human fingerprints are extremely difficult to fake. However, finger scanners on the phone can read the partial prints only when you set fingerprint security on your smartphone. At that time the phone usually records almost eight to ten images of a finger to make the matching easy and straightforward. Since a single finger swipe has to match only one retained image to unlock the phone, nearly all phones are vulnerable to fake matches.
What is fingerprint scanning?
Fingerprints scanners are recognition systems known as snoop level technology. Over the past few years, fingerprint scanning has become completely universal and omnipresent. In fact, biometric technology is very beneficial to law enforcement agencies and various other organizations.
Fingerprint scanning is a process of obtaining and storing human fingerprints by electronic means. The digital image gained after scanning is known as finger image.
It is a biometric procedure which includes the automatic capture, examination, and evaluation of specific characteristics of the human body. There are various methods by which a device or tool can capture the details, such as the pattern of both branches and raised areas, in the image of the human finger. The most usual and familiar methods include optical, tactile, and thermal. All these methods work by using heat emission analysis, pressure analysis, and visible light analysis.
How does it work?
The process of scanning begins when you put your finger on a glass plate. After this, a CCD camera captures a picture of your fingers. The scanner consists of a light source. From the scanner, a wide range of light emitting diodes to illuminate the raised areas, i.e., ridges of the finger. In the meantime, the CCD system produces a reversed image of the finger. The dark regions signify more reflected light while the lighter areas characterize less reflected light.
The scanner processor makes sure that the image obtained is clear, inspects the pixel darkness, and discards the scan if the image captured is not perfect, i.e., it is too dark or too light. After rejection, the scanner tries to scan the image again after adjusting exposure.
If the fingerprint image is of good definition, then a line flowing perpendicular to the raised areas will be made up of alternating sections of extremely dark pixels and extremely light pixels.
When a hard, crispy, a properly exposed image is obtained so, the processor compares it with the taken fingerprint with other prints on the file.
The fingerprint detection is set up on several smartphones. These biometric validations are more critical and vibrant in China. Especially now since smartphone-based e-wallets and cell phones payments are highly popular in the country.
A vital and acute concern of the fingerprint technology is that it can easily get hacked. Although it seems complicated and impossible, it does happen. Some hackers use a 3D printed mold, which is made from a retained fingerprint image. Fingerprints can get stolen despite firewalls and security. PIN codes and passcodes can quickly change, but a fingerprint does not change. One-time credential theft becomes a lifetime of susceptibility and vulnerability.
The cybersecurity expert and military commentator of People’s Liberation Army recently rekindled the warning. He said on a China Central Television (CCTV) program, that the security protection can get hacked. Malicious and vicious people can fake your fingerprint with the help of tools which are as plain as a translucent film and a circuit scribe. The film with ink from the circuit marker gets attached to cover half of the phone’s fingerprint reader. And the owner can use his finger for unlocking the phone even though the sensor reads only half of the print.
The sensing and matching of fingerprints algorithms assumed by Apple’s iOS and Android systems are based on machine learning algorithms. It’s an advanced process which occurs in minutes to allow the user to unlock the phone. The user puts his finger on the reader while using a capacitive touch to take in the image of a print and updating the print image which is already stored in the phone. However, similarly, a deceiving ink pattern on a translucent film can count as an update to the stored image.
China Central Television (CCTV) programs demonstrate that in some cases low-tech knock-off fingerprints which are made up of film and circuit-scribe ink has tricked people and unlocked several phones. These phones belong to some of the most renowned companies such as Apple, Huawei, Samsung, and Xiaomi.
It is a clear warning that fingerprints can get hacked. However, unlike passcodes, you cannot change your fingerprints. Therefore, a single credential theft often leads to a lifetime vulnerability. That’s why most cybersecurity experts persuade users to utilize two-factor authentication. With this, you cannot be snooped from the easiest of ways.
To avoid the fingerprint hacking, last year lawmakers of Washington passed ground-breaking legislation which forbids organizations from collecting or selling the biometric information without the accord of the individual. Due to the rising concerns – regarding the use of pinched biometric identifiers to compel identity fraud – the voting ratio was 37-12 in favor by State Senators and 81-17 by the house.